US8478478B2ActiveUtilityPatentIndex 49
Processor system and fault managing unit thereof
Est. expiryJul 31, 2029(~3.1 yrs left)· nominal 20-yr term from priority
G05B 2219/24021G05B 19/0428G05B 2219/24059
49
PatentIndex Score
3
Cited by
10
References
30
Claims
Abstract
A processor system having a processor core, a plurality of modules connected to the processor core and configured to generate respective fault signals, and a fault managing unit connected to the processor core and to the plurality of modules. The fault managing unit is adapted to collect a first fault signal generated by a first module of the plurality of modules which is in a fault condition, analyze said collected first fault signal, and generate a first reaction signal to be selectively transmitted to said processor core and said first module.
Claims
exact text as granted — not AI-modifiedThe invention claimed is:
1. A processor system, comprising:
a processor core;
a plurality of modules coupled to the processor core and configured to generate respective fault signals, the plurality of modules including a first module configured to generate a first fault signal and a second module configured to generate a second fault signal; and
a fault managing unit coupled to the processor core and to the plurality of modules,
the fault managing unit including:
an input module configured to receive the first and second fault signals generated by the second module of the plurality of modules; and
a diagnosis and reaction module configured to analyze the first fault signal and the second fault signal, generate a first reaction signal and a second reaction signal, and selectively transmit the first and second reaction signals to the processor core and the first module.
2. The system of claim 1 , further comprising:
a bus interconnecting the fault managing unit, the processor core, and the plurality of modules to exchange the first fault signal, the second fault signal, the first reaction signal, and the second reaction signal.
3. The system of claim 2 wherein the fault managing unit further comprises:
an output module coupled to the diagnosis and reaction module and configured to transmit the first reaction signal and the at least a second reaction signal on the bus.
4. The system of claim 1 wherein the diagnosis and reaction module is configured to:
generate an alarm signal as the first reaction signal and transmit the alarm signal to the processor core, which is configured to recover the first module from a fault condition; and
generate a command signal as the first reaction signal and transmit the command signal to the first module, which is configured to recover the first module from a fault condition.
5. The system of claim 4 wherein the first fault signal is configured to selectively represent a first fault condition and a second fault condition; the fault managing unit configured to generate the alarm signal when the first fault signal represents the first fault condition and to generate the command signal when the first fault signal represents the second fault condition.
6. The system of claim 5 wherein the fault managing unit is configured to assume an alarm state when the alarm signal is generated, and the core processor is configured to generate a safety signal in response to a recovery from the fault condition, the fault managing unit configured to receive the safety signal.
7. The system of claim 6 wherein the fault managing unit is configured to transition from the alarm state to a fault state and to generate the command signal in response to receipt of the safety signal for a time equal or greater than a waiting time.
8. The system of claim 1 wherein the fault managing unit is a finite state machine.
9. The system of claim 1 wherein the managing unit is configured to receive and manage fault signals due to at least one of the following errors: a random error; a random hardware error, and a random software error.
10. The system of claim 1 wherein the first module is at least one of the following modules: a memory error detection module, a digital word comparator, a power voltage monitor, and a clock monitor.
11. The system of claim 4 wherein the fault managing unit is configured to:
generate the alarm signal as an interrupt signal that is configured to request the processor core to reset the first module; and
generate the command signal as a reset signal and directly send the reset signal to the first module.
12. The system of claim 7 wherein the fault managing unit is configured to further transition to:
an initial state in response to receipt of a destructive reset signal; and
a normal state in which the fault managing unit is configured to wait for one further fault signal.
13. The system of claim 1 wherein the system comprises a microcontroller integrated on a semiconductor chip.
14. A system, comprising
a processor core,
a plurality of modules coupled to the processor core and configured to generate respective fault signals, the plurality of modules including a first module configured to generate a first fault signal when in a fault condition;
an automotive apparatus configured to be controlled by said processor core; and
a fault managing unit configured to:
receive the first fault signal;
analyze the first fault signal;
generate a first reaction signal that includes at least one of an alarm signal and a command signal;
if the first reaction signal includes the alarm signal, selectively transmit the alarm signal to said processor core and cause the processor core to recover the first module from the fault condition; and
if the first reaction signal includes the command signal, selectively transmit the command signal to said first module and cause the first module to recover from the fault condition.
15. The system of claim 14 wherein the fault managing unit comprises:
an input module configured to receive a first fault signal generated by the first module and at least a second fault signal generated by at least a second module of the plurality of modules; and
a diagnosis and reaction module configured to analyze the first fault signal and the at least second fault signal and generate a first reaction signal and at least one second reaction signal.
16. The system of claim 14 , wherein:
the first module is configured to selectively generate said first fault signal with a first indication that represents a first fault condition and with a second indication that represents a second fault condition that is more critical than the first fault condition; and
the fault managing unit is configured to generate the alarm signal in response to determining that the first fault signal includes the first indication that represents the first fault condition and to generate the command signal in response to determining that the first fault signal includes the second indication that represents the second fault condition.
17. A circuit, comprising:
an input module configured to be coupled to a core processor and to a plurality of operative modules including a first module configured to generate a first fault signal representing either a first fault condition or a second fault condition that is more critical than the first fault condition; the input module configured to receive the first fault signal;
a diagnosis and reaction module configured to analyze the first fault signal and to generate a first reaction signal having a criticality indicator that depends on whether the first fault signal represents the first fault condition or the second fault condition; and
an output module coupled to the diagnosis and reaction module and configured to receive the first reaction signal and to selectively transmit the first reaction signal to the core processor and to the first module in accordance with the criticality data wherein:
the circuit is configured to generate an alarm signal when the first fault signal represents the first fault condition and to generate a command signal when the fault signal represents the second fault condition.
18. The system of claim 17 wherein the circuit is configured to transition to an alarm state in which the alarm signal is generated, and the core processor configured to generate a safety signal in response to receiving an indication that the first module has recovered from one of the first and second fault conditions.
19. The system of claim 18 wherein the circuit is configured to transition from the alarm state to a fault state and to generate the command signal in response to receiving the safety signal for a time equal to or greater than a waiting time.
20. The system of claim 17 wherein the circuit comprises a finite state machine.
21. A processor system, comprising:
a processor core;
a plurality of modules coupled to the processor core and configured to generate respective fault signals, the plurality of modules including a first module configured to generate a first fault signal and a second module configured to generate a second fault signal; and
a fault managing unit coupled to the processor core and to the plurality of modules, the fault managing unit configured to:
receive the first fault signal;
analyze the received first fault signal; and
generate a first reaction signal to be selectively transmitted to said processor core and the first module, the first reaction signal includes one of the following signals:
an alarm signal transmitted to the processor core, which is configured to recover the first module from a fault condition;
a command signal transmitted to the first module and configured to recover the first module from a fault condition.
22. The system of claim 21 wherein the first fault signal is configured to selectively represent a first fault condition and a second fault condition; the fault managing unit configured to generate the alarm signal when the first fault signal represents the first fault condition and to generate the command signal when the first fault signal represents the second fault condition.
23. The system of claim 22 wherein the fault managing unit is configured to assume an alarm state when the alarm signal is generated, and the core processor is configured to generate a safety signal in response to a recovery from the fault condition, the fault managing unit configured to receive the safety signal.
24. The system of claim 23 wherein the fault managing unit is configured to transition from the alarm state to a fault state and to generate the command signal in response to receipt of the safety signal for a time equal or greater than a waiting time.
25. A system, comprising
a processor core,
a plurality of modules coupled to the processor core and configured to generate respective fault signals, the plurality of modules including a first module configured to generate a first fault signal and a second module configured to generate a second fault signal;
an automotive apparatus configured to be controlled by the processor core; and
a fault managing unit configured to:
receive the first fault signal generated by the first module when in a fault condition;
analyze the received first fault signal; and
generate a first reaction signal in response to the analyzing the received first fault signal, the reaction signal configured to be selectively transmitted to the processor core and to the first module that is in the fault condition, the fault managing unit comprises:
an input module configured to receive the first fault signal and at least the second fault signal generated by the second module of the plurality of modules; and
a diagnosis and reaction module configured to analyze the first fault signal and the second fault signal and generate a first reaction signal and at least one second reaction signal.
26. The system of claim 25 wherein the first reaction signal includes at least one of the following signals:
an alarm signal configured to cause the first module to recover from the fault condition;
a command signal configured to cause the first module to recover from the fault condition.
27. The system of claim 25 wherein the first fault signal is configured to selectively represent a first fault condition and a second fault condition that is more critical than the first fault condition; the fault managing unit configured to generate the alarm signal when the first fault signal represents the first fault condition and to generate the command signal when the first fault signal represents the second fault condition.
28. A circuit, comprising:
a core processor;
a plurality of operative modules including a first module and a second module that are each configured to generate first and second fault signals, respectively, which selectively represent respectively a first fault condition and a second fault condition that is more critical than the first fault condition,
an input module configured to be coupled to a core processor and to the input module and configured to receive fault signals generated by the plurality of operative modules, including the first and second fault signals;
a diagnosis and reaction module configured to analyze the first fault signal received from the first module when the first module is in a fault condition and to generate a first reaction signal having a criticality data associated therewith;
an output module coupled to the diagnosis and reaction module and configured to receive the first reaction signal and to selectively transmit the first reaction signal to the core processor and to the first module in the fault condition in accordance with the criticality data; and
the circuit configured to generate an alarm signal when the first fault signal represents the first fault condition and to generate a command signal when the fault signal represents the second fault condition, the circuit configured to transition to an alarm state in which the alarm signal is generated, and the core processor configured to generate a safety signal in response to the first module recovering from the fault condition.
29. The system of claim 28 wherein the circuit is configured to transition from the alarm state to a fault state and to generate the command signal in response to a receipt of the safety signal for a time equal to or greater than a waiting time.
30. The system of claim 28 wherein the circuit comprises a finite state machine.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.